After a year when multiple incidents demonstrated the extent of organisations' vulnerability to data breaches and cyber attacks, what cyber security threats can we foresee in 2022?
1. Ransomware achieves new complexities
In 2021 ransomware attacks reached an all-time high, accompanied by record-breaking ransomware payouts. These attacks were more sophisticated than what has been seen in previous years and have targeted critical infrastructure, governments, and global companies.
The next 12 months will likely see increasingly sophisticated, frequent and bold activity from hackers and ransomware gangs. This is likely to include more of the triple extortion and quadruple extortion tactics that emerged in 2021, an expansion on the double extortion tactics (encryption plus data theft) that proliferated in 2020. Hackers began not only encrypting their victims' data and threatening to leak sensitive information publicly, but also adding further pressure by conducting distributed denial-of-service (DDoS) attacks; harassing the customers, business partners and employees of the organisation under attack, as well as the media; and threatening to leak sensitive data belonging to those third parties.
2022 may also see further growth in a new business model known as Ransomware-as-a-Service (RaaS), which has made ransomware attacks more easily accessible to the average criminal. RaaS enables people to subscribe to use already developed ransomware tools to execute attacks, in return for a percentage of each successful ransom payment. This means that people with little technical knowledge have the ability to launch ransomware attacks. RaaS kits are accessible on the dark web and vary in price. According to CrowdStrike, they can range from $40 per month to several thousand dollars and can include 24/7 support, bundle deals and user reviews.
As long as ransomware remains profitable, new and existing threat actors will continue to develop new ways to extort money from victims.
2. Supply chain attacks become more widespread
A supply chain attack occurs when a threat actor uses a less-secure element in a supply chain, usually a third party, to infiltrate a target's systems. Such attacks can be used to deliver any type of compromise, such as a malware infection or a data breach. The SolarWinds attack, discussed here, is an example of a software supply chain attack: hackers compromised SolarWinds' network monitoring product through malicious updates in order to access a number of other high-profile organisations and government agencies. The Kaseya attack is another example of a supply chain attack.
We expect that these attacks will become more common and widespread in 2022. The Kaseya breach, for example, impacted over 1,500 companies, and its success is likely to lead to the tactics, techniques and procedures (TTPs) used in that attack being commodified, as other threat actors seek to replicate it. It is also likely that critical infrastructure, particularly the healthcare and energy industries, will be targeted, as these sectors rely on a large amount of hardware and software from many different vendors.
3. Deep fake technology becomes more sophisticated
Deep fake technology is not new or inherently dangerous. Deep fake is a digital forgery that uses a form of artificial intelligence (AI) called deep learning to create new content or replace an existing image or video with someone else's likeness. The technology has become widespread since 2017 and is easy to use. Popular examples include "face-swapping" applications, lip syncing videos and the creation of "sockpuppets", or misleading online identities.
As this technology rapidly grows in sophistication, there are concerns about the ease with which cybercriminals can create realistic forgeries to assist them in carrying out attacks. Traditionally, posing convincingly as someone else has been difficult for a fraudster, especially one who is a foreign national. With deep fake technology, however, cyber criminals are able to undertake more convincing business email compromise attacks. For example, using audio-visual generation to pose as an executive in an audio file or on a videoconferencing platform can deceive employees into making large monetary transfers or disclosing confidential information.
It has recently been reported that this technology is spreading on the dark web, with forums dedicated to sharing deep fake expertise and threat actors now offering customers services and tutorials, in a similar fashion to RaaS. Whilst the main use for weaponised deep fakes presently seems to be propaganda and disinformation for political purposes, as organisations become more cyber resilient, we predict that cyber criminals will adopt this technology to continue to target organisations in a more convincing way.
4. Crypto wallets enable crypto crime
The traditional theft of information through bank transfers has become more difficult for attackers, with financial institutions now encrypting transactions and requiring multi-step verification. As more people invest and trade in cryptocurrency, attackers are likely to turn their attention to these digital assets, which are less regulated and less likely to be protected by cyber security measures.
In September 2021 there were reports of attackers stealing crypto wallets by sending malicious non-fungible tokens (NFTs).[1] In response, Check Point Research investigated OpenSea, the world's largest NFT marketplace, and found critical security vulnerabilities on OpenSea's platform that, if exploited, could have allowed hackers to hijack user accounts and steal users' entire crypto wallets by sending malicious NFTs.
We also saw the largest cryptocurrency heist globally in August 2021, with hackers stealing US$600 million from Poly Network, a decentralised finance (DeFi) platform that facilitates peer-to-peer transactions with a focus on allowing users to transfer or swap tokens across different blockchains. The anonymous hacker claimed to have carried out the heist "for fun" and to encourage Poly Network to improve its security. The hacker returned the vast majority of the stolen funds, and their identity remains unknown.
2022 may see a rise in cryptojacking, the unauthorised use of people's devices, usually computers, by cyber criminals to mine cryptocurrency. Cryptojackers compromise their victims' devices, usually through malicious emails or by infecting a website or online advertisement, and install cryptojacking software which then runs in the background. This software consumes significant computing power to create new blocks in exchange for cryptocurrency, but it is the victim who pays for the electricity, so the attacker incurs no additional power costs. Sophos predicts that, along with ransomware, cryptojacking will be one of the most prominent ways criminals receive cryptocurrency payments from victims.
Threat actors know that there is a window of opportunity while more and more people invest in cryptocurrency and security measures and regulations are still catching up. As a result, we predict that cryptocurrency-related attacks will rise in 2022.
[1] A non-fungible token is a unique and non-interchangeable unit of data stored on a digital ledger.